14 matches found
CVE-2025-61234
Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker to interact with the device via a TCP socket without credentials. Additionally, sending an HTTP request to the service on port...
EUVD-2025-36691
Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker to interact with the device via a TCP socket without credentials. Additionally, sending an HTTP request to the service on port...
CVE-2025-61234
Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker to interact with the device via a TCP socket without credentials. Additionally, sending an HTTP request to the service on port...
CVE-2025-61234
Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker to interact with the device via a TCP socket without credentials. Additionally, sending an HTTP request to the service on port...
Dataphone A920 安全漏洞
Dataphone A920 is a POS from Dataphone USA. A security vulnerability exists in Dataphone A920 version v2025.07.161103, which originates from exposing services on port 8888 on the local network by default and without authentication, which could lead to unauthorized device interaction and informati...
PT-2025-44328
Name of the Vulnerable Software and Affected Versions Dataphone A920 version 2025.07.161103 Description A flaw in access control on Dataphone A920 version 2025.07.161103 allows unauthorized interaction with the device. A service running on port 8888 is exposed on the local network without requiri...
CVE-2025-61234
CVE-2025-61234 affects Dataphone A920 (v2025.07.161103). A misconfigured access control exposes a service on port 8888 on the local network without authentication, allowing TCP socket interaction. An HTTP request to port 8888 can trigger an error response that reveals Paytef dataphone packet head...
CVE-2025-61234
Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker to interact with the device via a TCP socket without credentials. Additionally, sending an HTTP request to the service on port...
EUVD-2025-36563
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device...
CVE-2025-61235
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device...
CVE-2025-61235
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device...
Dataphone A920 安全漏洞
Dataphone A920 is a POS from Dataphone USA. A security vulnerability exists in Dataphone A920 version v2025.07.161103, which stems from a lack of authentication and could result in unauthenticated triggering of functions...
PT-2025-44206
Name of the Vulnerable Software and Affected Versions Dataphone A920 version 2025.07.161103 Description A crafted packet, based on public documentation, can be sent to the device. Normally, the device should reject packets with arbitrary or trivial data in certain fields. However, due to...
CVE-2025-61235
Dataphone A920 v2025.07.161103 is affected by CVE-2025-61235 due to insufficient input validation in a crafted public-packet. Some fields in the packet can contain arbitrary data, which the device accepts without authentication and triggers the related functionality instead of rejecting the packe...